The primary responsibility of the Sr. Cybersecurity Engineer is to provide direct expertise and guidance to the Naval Operational Supply System (NOSS) Program within the Navy Command and Control Program Office, PMW-150.
Developing, refining and communicating cyber security strategy with NOSS program leadership and external government agencies (e.g., SPAWAR STILO, DON CIO).
Development of the NOSS Cyber Security Strategy and Program Protection Plan documents.
Capturing and refining cyber security requirements for the NOSS Program of Record.
Integrating information requirements into system designs and documentation.
Provide subject matter expertise and ensure program compliance with government cyber security requirements and Risk Management Framework (RMF) processes.
Provide risk assessment critiques and evaluations relative to NIST 800-30.
Understand DoDI 8500.2 IA controls and common vulnerabilities and exposures (CVE).
Be able to perform and review Test & Evaluation procedures in accordance with DISA guidelines and perform risk assessments based on that testing.
Recommend cyber security-specific Test & Evaluation procedures.
ODAA on reciprocity agreements for certified applications.
Supporting the development and submission of the NOSS IATO/ATO packages.
Other related duties as assigned.
Active DOD Security Clearance required.
Minimum 7-10 years relevant work experience in the cyber security field (work experience should include Risk Analysis efforts, system testing using DISA STIGs and industry automated scanning tools).
Must have experience with the identification, development and oversight of appropriate DoD cyber security policy, processes and procedures.
Must have extensive experience implementing DIACAP and at least be cognizant of DoDI 8510.01 (i.e., Risk Management Framework).
Must have experience translating complex cyber security principles to support decision-making by program leadership.
Thorough working knowledge of Navy cyber security guidance documents, messages, and instructions (e.g., as promulgated by DON CIO, OPNAV, DoD and NAVNETWARCOM).
Thorough working knowledge of the Information Assurance Vulnerability Management Process (IAVM) and FISMA requirements.
Must be familiar with the DoD acquisition life cycle and be capable of providing cyber security input to acquisition documents as necessary (e.g., acquisition strategy, systems engineering plan).
Ability to technically analyze system vulnerabilities, related vendor patches and workarounds, and overall effectiveness of technical mitigations that may be put in place to reduce attack surfaces, threat vectors, or related impact of a given vulnerability.
Strong technical understanding of the OSI model, networking, system architecture analysis, and the ability to characterize and discuss findings at all layers of the OSI model from Physical Layer to Application Layer.
Broad technical knowledge of system architectures, network elements and protocols, and system software. Strong direct technical experience in the field of information security, to include hands-on experience using security tools, penetration testing, and current/emerging threats in the vulnerability/exploit community.